Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Learn from the best! Meet the four finalists headed to the FINALS of the Power BI Dataviz World Championships! Register now

Reply
RishabSajith
New Member

RLS Query - Power BI

yesterday

Hello Microsoft Community,

I’m fairly new to Row-Level Security (RLS) and have successfully implemented RLS based on a hierarchy using a summary table that contains the hierarchy structure. So when a manager logs in using his/her email ID they can see the performance of all the employees under him using : PATHCONTAINS('Employee Table (RLS)'[Path],USERPRINCIPALNAME())

 

However, I now have a new requirement. I need to grant full access to all data for a specific manager who is not part of this hierarchy.

Is there a way to implement a “special role” rule in RLS that allows this manager to view all records based on their email ID, while still maintaining the existing hierarchy-based RLS for other users?

 

Any guidance or examples would be greatly appreciated.

 

Thank you in advance!

Message 1 of 8
188 Views
0
7 REPLIES 7
danextian
Super User
Super User

13 hours ago

Try this:

IF (
    USERPRINCIPALNAME() = "thismanager@domain.com",
    TRUE(),
    PATHCONTAINS ( 'Employee Table (RLS)'[Path], USERPRINCIPALNAME() )
)


or

IF (
    --if there is a table of managers to exempt
    USERPRINCIPALNAME() IN  VALUES ( ExemptedManagersTable[manager email] ) 
    TRUE(),
    PATHCONTAINS ( 'Employee Table (RLS)'[Path], USERPRINCIPALNAME() )
)




Dane Belarmino | Microsoft MVP | Proud to be a Super User!

Did I answer your question? Mark my post as a solution!


"Tell me and I’ll forget; show me and I may remember; involve me and I’ll understand."
Need Power BI consultation, get in touch with me on LinkedIn or hire me on UpWork.
Learn with me on YouTube @DAXJutsu or follow my page on Facebook @DAXJutsuPBI.
Message 8 of 8
26 Views
0
cengizhanarslan
Super User
Super User

16 hours ago

You can extend your existing rule with an OR condition for the users who should have full access.

PATHCONTAINS ( 'Employee Table (RLS)'[Path], USERPRINCIPALNAME() )
    || USERPRINCIPALNAME() = "manager@company.com"

 

Or simply create a new role and add those people who will have full access withount bounding to the role with RLS.

_________________________________________________________
If this helped, ✓ Mark as Solution | Kudos appreciated
Connect on LinkedIn | Follow on Medium
AI-assisted tools are used solely for wording support. All conclusions are independently reviewed.
Message 7 of 8
48 Views
0
wardy912
Super User
Super User

yesterday

Hi @RishabSajith 

 

 Here's further information since you're just getting started with RLS.

 

Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn

--------------------------------

I hope this helps, please give kudos and mark as solved if it does!

 

Connect with me on LinkedIn.

Subscribe to my YouTube channel for Fabric/Power Platform related content!

Message 6 of 8
120 Views
0
Kedar_Pande
Super User
Super User

yesterday

@RishabSajith 

 

Create one role with this DAX filter:

 

[Email] = USERPRINCIPALNAME() || 
PATHCONTAINS('Employee Table (RLS)'[Path], USERPRINCIPALNAME())

Put the special manager's email in your security table with full access flag or just list it first. This gives them OR logic - either hierarchy match OR full access.

Message 5 of 8
123 Views
RishabSajith
New Member

yesterday

Hello,

 

Im sorry, I'm new to the whole concept of Roles and View Accesses. So, am I supposed to go to Manage Roles and create a new role with nothing in it?

 

thanks,

Message 3 of 8
147 Views
0
FBergamaschi
Super User
Super User
In response to RishabSajith

yesterday

Exactly, that will make everything visible, supposing this is what you were asking

 

If this helped, please consider giving kudos and mark as a solution

@me in replies or I'll lose your thread

Want to check your DAX skills? Answer my biweekly DAX challenges on the kubisco Linkedin page

Consider voting this Power BI idea

Francesco Bergamaschi

MBA, M.Eng, M.Econ, Professor of BI

Message 4 of 8
91 Views
0
FBergamaschi
Super User
Super User

yesterday

Hello,

you can create a role in which you do not inject any filter, so just give it a name and you can assign this role to the manager through his e-mail

 

If this helped, please consider giving kudos and mark as a solution

@me in replies or I'll lose your thread

Want to check your DAX skills? Answer my biweekly DAX challenges on the kubisco Linkedin page

Consider voting this Power BI idea

Francesco Bergamaschi

MBA, M.Eng, M.Econ, Professor of BI

Message 2 of 8
178 Views

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

February Power BI Update Carousel

Power BI Monthly Update - February 2026

Check out the February 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All